I've recently installed an ASA 5505 to connect several sites via site-to-site VPN which is working just fine. I also required remote access VPN for users which has also been configured using L2TP/IPSec. However, I'm having trouble with the configuration to allow the remote access users to access systems on any of the site-VPN connected networks. Here's the general layout in a hub/spoke configuration:

The central office can communicate with any remote office and all remote offices can communicate with the central office. The remote access users can communicate only with the central office which is their VPN (L2TP) endpoint.

I'm curious what NAT and/or routing configuration I need to consider to allow the remote access users to access any of the connected remote offices.

Sounds like the addresses in the vpnclientpool either don't have a route to the remote site, or are being blocked by an ACL. Hard to say which without seeing your config. Posting it would help.
– Jeff Leyser, Nov 23 '10 at 20:38

is allowing only traffic on 10.100.20.0 onto the splitTunnel. So a VPN client tries to connect to one of your other private IPs, and actually gets routed outside the tunnel, to the Internet. Not what you want.

OK, I added the changes, but it still doesn't work. Interestingly, using the "test-pool" DHCP range, which overlaps the internal network, allows me to get to all the other sites, but not the site I'm VPN'ed to (10.100.20.0/24).
– Chris, Nov 24 '10 at 4:29
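The split-tunnel point in the answer above can be checked mechanically. The following is an added example, not part of the original thread: it parses standard ACL lines of the `access-list NAME standard permit NET MASK` form and lists which site networks the split-tunnel list does not cover. The remote-site subnets 10.100.30.0/24 and 10.100.40.0/24 and both config snippets are constructed for illustration; only the ACL name `splitTunnel` and 10.100.20.0/24 come from the thread. It checks split-tunnel coverage only, not routing, NAT or the site-to-site crypto ACLs.

```python
import ipaddress
import re

# ASA standard ACL entry: access-list NAME standard permit NETWORK MASK
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+standard\s+permit\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)$"
)

def split_tunnel_networks(config_text, acl_name):
    """Return the networks permitted by the named standard ACL."""
    nets = []
    for line in config_text.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False))
    return nets

def goes_in_tunnel(config_text, acl_name, dest_ip):
    """True if a client would send dest_ip through the VPN tunnel."""
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in net for net in split_tunnel_networks(config_text, acl_name))

def uncovered_sites(config_text, acl_name, site_networks):
    """Site networks that clients would route outside the tunnel."""
    tunnel = split_tunnel_networks(config_text, acl_name)
    return [s for s in site_networks
            if not any(ipaddress.ip_network(s).subnet_of(t) for t in tunnel)]

# Constructed sample configs (not the poster's real configuration).
BEFORE = "access-list splitTunnel standard permit 10.100.20.0 255.255.255.0"
AFTER = BEFORE + """
access-list splitTunnel standard permit 10.100.30.0 255.255.255.0
access-list splitTunnel standard permit 10.100.40.0 255.255.255.0"""

# Central office from the thread plus two constructed remote offices.
SITES = ["10.100.20.0/24", "10.100.30.0/24", "10.100.40.0/24"]

if __name__ == "__main__":
    print("missing before:", uncovered_sites(BEFORE, "splitTunnel", SITES))
    print("missing after: ", uncovered_sites(AFTER, "splitTunnel", SITES))
    print("10.100.30.5 tunnelled before?", goes_in_tunnel(BEFORE, "splitTunnel", "10.100.30.5"))
```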